package spring.boot.shiro.config;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import spring.boot.shiro.filter.MyFilter;

import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Created by Administrator on 2018/6/10.
 */
@Configuration
public class ShiroConfig {

    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager")SecurityManager manager) {
        /**
         * 配置shiroFilterBean，定义拦截的访问路径以及添加自己实现的过滤器
         * 注入securityManager来管理realm
         *
         */
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //Shiro的核心安全接口,这个属性是必须的
        shiroFilterFactoryBean.setSecurityManager(manager);
        Map<String,Filter> filterMaps = new LinkedHashMap<>();
        //自定义拦截器，myfilter是拦截器别名，指定在哪个访问路径下会去执行此拦截器
        filterMaps.put("myfilter",new MyFilter());
        shiroFilterFactoryBean.setFilters(filterMaps);
        shiroFilterFactoryBean.setLoginUrl("/login");
        shiroFilterFactoryBean.setSuccessUrl("/index");
        shiroFilterFactoryBean.setUnauthorizedUrl("/unauth");
        Map<String, String> filterMap = new LinkedHashMap<>();
        filterMap.put("/login","anon");
        filterMap.put("/adduser","perms[adduser]");
        filterMap.put("/deluser","myfilter");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactoryBean;
    }

    @Bean("securityManager")
    public SecurityManager securityManager(@Qualifier("myRealm")MyRealm myRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myRealm);
        return securityManager;
    }

    /**
     * 自定义realm，重写授权和认证两个方法，授权方法检查是否有访问权限，与缓存数据比较
     * 认证方法控制用户登录操作，这里注入自定义的credentialsMatcher，用来做密码效验功能
     */
    @Bean("myRealm")
    public MyRealm myRealm(@Qualifier("credentialsMatcher") Creadential creadential){
        MyRealm myRealm = new MyRealm();
        myRealm.setCredentialsMatcher(creadential);
        return myRealm;
    }

    /**
     * 密码效验功能自己实现
     */
    @Bean("credentialsMatcher")
    public Creadential credentialsMatcher(){
        return new Creadential();
    }

    /**
     * 以下两个类定义了shiro和spring的关联关系
     * 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions),需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager")SecurityManager manager) {
        AuthorizationAttributeSourceAdvisor auth = new AuthorizationAttributeSourceAdvisor();
        auth.setSecurityManager(manager);
        return auth;
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }
}
